Cloud Security Scanner

Automatically scan your App Engine apps for common
vulnerabilities

Automated Vulnerability Scanning

Cloud Security Scanner is a web security scanner for common
vulnerabilities in Google App Engine applications. It can automatically scan and detect
four common vulnerabilities, including cross-site-scripting (XSS), Flash injection,
mixed content (HTTP in HTTPS), and outdated/insecure libraries. It enables early
identification and delivers very low false positive rates. You can easily setup, run,
schedule, and manage security scans and it is free for Google Cloud Platform users.

Find Common Security Vulnerabilities

Detect key vulnerabilities in development prior to production. After you set up a scan,
Cloud Security Scanner automatically crawls your application, following all links within
the scope of your starting URLs, and attempts to exercise as many user inputs and event
handlers as possible.

Focus on Actionable Results

The findings for XSS, Flash injection, mixed content usage, and outdated/insecure
libraries all have very low false positive rates. Results are highlighted to enable you
to explore and verify in detail and focus on fixes.

Integrates Easily With Your Processes

You can easily setup and run on-demand immediate or scheduled security scans from the
Google Cloud Platform Console. Scans should be run from a test environment and test
accounts and are enabled for targets only within your App Engine project to prevent
unintended effects.

Scans are run using Chrome, Safari, Blackberry or Nokia browser agents.

User Authentication

Supports both Google and non-Google accounts and automatically handles common login
scenarios.

SECURITY SCANNER PRICING

There is no separate charge for using Cloud Security Scanner.
However, using the scanner impacts App Engine instance quota limits, bandwidth (traffic)
charges, and quotas for API calls to App Engine services, such as mail, search, etc.
Learn more in our pricing guide.